It was discovered that the Java Management Extensions (JMX) componentof OpenJDK did not properly apply deserialization filters in somesituations. An attacker could use this to bypass deserializationrestrictions.